Cyber Liability Claim Scenarios
A financial institution employee’s laptop, containing sensitive client data, went missing. Multiple lawsuits are pending by individuals whose data has been compromised, and a Gramm-Leach-Bliley (GLB) regulatory investigation is ongoing. Total defense costs exceeded $700,000.
A well-known specialty company was sued by customers claiming that the store’s online shopping website was deceptive and confusing in regard to shipping costs. Claimants alleged that the site’s “shopping cart” feature frequently charged customers for ‘rush’ shipping without the customers’ prior knowledge or approval. The suit required the company to issue refunds of overcharges to more than 1,500 customers.
An online retailer’s network was hacked by an unauthorized user and customers’ credit card information was exposed. A class action lawsuit was recently filed against the retailer.
An online manufacturer inaccurately compared its product to a competitor’s product, triggering a lawsuit claiming misrepresentation and unfair trade practices. Defense expenses already exceeded $375,000.
An online business process software (ASP) inadvertently provided access to a non-authorized user. Confidential customer contact information was exposed to other unauthorized users. A regulatory investigation for a data privacy incident could lead to a fine or penalty. Private suit for loss of, or damage of, data settled for $875,000. Defense expenses incurred in excess of $275,000.
A designer’s apparel company included the names of competing designers in its website’s metatags (“invisible” keywords inserted in the page code), hoping to attract customers of competing brands in search engine listings. The designer was sued by the competitors who claimed that use of their trademarked names in metatags was inappropriate and unauthorized use of trademarks, and deceptive to consumers. Customers sued the company for several million dollars in damages.
A company’s web-based account management service was unavailable for a period of three days, after a disgruntled client launched a denial of service attack on the site somewhere in Europe. During that time period, customers were unable to access the system to make payments, execute transactions, or check account balances. Customers sued the company for more than $750,000 in damages.
A computer engineer who had been hired to update the computer system of a sheet metal company was fired due to incompetence. When the company refused to pay him, the engineer hacked into the company’s computer system and deleted its files. The company was forced to pay over $95,000 to rectify the damage.
A company’s e-mail system inadvertently transmitted a malicious virus to more than 1,500 clients and recipients, causing widespread loss of data, among other damages. The company was sued by the receiving firms for failing to detect and prevent this virus transmission, claiming losses, which totaled more than $3.1 million.
An energy company was sued by an ex-employee for breach of privacy, when comments about the ex-employee were circulated via the Internet. The company was forced to pay over $400,000 in damages.